Thousands of Exposed Secrets Found on Docker Hub, Putting Organizations at Risk
https://flare.io/learn/resources/docker-hub-secrets-exposed/
For years, there’s been a saying in the security world: hackers don’t need to hack anymore – the keys are handed to them on a silver platter. But is that really true? That question is what sparked our research into exposed secrets on Docker Hub. We designed a methodology to analyze leaked credentials, validate which were real, and investigate their origin:
- who they belonged to
- the environments they granted access to
- the potential blast radius to both the affected organizations and the wider ecosystem
The findings confirm a new attack paradigm: attackers don’t hack in – they authenticate in – using keys that companies accidentally publish themselves.